Worldwide Rasomware attacks continue…

Avast reports that data confirms over 213,000 detections of WanaCrypt0r 2.0 in 112 countries. “We have observed a massive peak in WanaCrypt0r 2.0 (aka WCry) ransomware attacks, with more than 57,000 detections, so far today. According to our data, the ransomware is mainly being targeted to Russia, Ukraine and Taiwan, but the ransomware has successfully infected major institutions, like hospitals across England and Spanish telecommunications company, Telefonica.”

Avast reported in a recent Blog that the the first version of WanaCrypt0r was first seen in February and that now the ransomware is available in 28 different languages, from languages like Bulgarian to Vietnamese. Today, we noticed a a further increase in activity of this strain, which quickly escalated into a massive spreading.

The ransomware changes the affected file extension names to “.WNCRY”, so an infected file will look something like: original_name_of_file.jpg.WNCRY, for example. The encrypted files are also marked by the “WANACRY!” string at the beginning of the file. Furthermore, the ransom being demanded is $300 worth of bitcoins. The ransom message, where instructions on how to pay the ransom, an explanation of what happened, and a countdown timer are displayed in what the cybercriminals behind the ransomware are referring to as “Wana Decrypt0r 2.0”.

This attack once again proves that ransomware is a powerful weapon that can be used against consumers and businesses alike. Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people’s lives in danger.

AVG anti-virus solutions from Avast detects all known versions of WanaCrypt0r 2.0, but it is strongly recommended that all Windows users fully update their system with the latest available patches.

Soft-Works will continue to monitor this outbreak and update customers of further updates.